Initial Privacy Assessment
IPA Rev 5.3.16.docx
Enterprise Income Verification (EIV) System User Access Authorization Form and Rules of Behavior and User Agreement
Initial Privacy Assessment
OMB: 2577-0267
U.S. DEPARTMENT OF
HOUSING AND URBAN DEVELOPMENT
Initial Privacy Assessment
Enterprise Income Verification (EIV) System
User Access Authorization Form and Rules
of Behavior and User Agreement
OMB Control # 2577-0267
Office of Public and Indian Housing
Real Estate Assessment Center
March 2016
INITIAL PRIVACY ASSESSMENT (IPA)
The Initial Privacy Assessment (IPA) is use to determine whether a Privacy Impact Assessment (PIA) is required under the E-Government Act of 2002. The IPA is also used to determine if a System of Records Notice (SORN) is required under the Privacy Act of 1974.
The IPA is an administrative form created by the Privacy Branch to efficiently and effectively identify the use of Personally Identifiable Information (PII) across the Department. The IPA focuses on three areas of inquiry:
Business data and business processes within each HUD program.
Potential connections with individuals including the use of PII – any use of social security numbers must be specifically identified.
HUD’s program and support offices should ensure that its respective IPA is completed and sent to the Privacy Branch for approval. If SSNs are to be used, the IPA specifically identifies the justification and authority for using SSNs. Upon receipt of the IPA, the Privacy Branch determines the applicability of other privacy compliance requirements including the PIA and SORN. The IPA is complete when the Privacy Branch signs it and sends the final copy back to the identified point of contact.
Please complete this form and send it to the HUD Privacy Branch staff.
Janice Noble
Acting, Branch Chief
Privacy Branch
U.S. Department of Housing and Urban Development
If a PIA or SORN is required, a copy of the Privacy Impact Assessment and System of Records Notice form is available on the HUD Privacy Branch website, http://hudatwork.hud.gov/HUD/cio/po/i/privacy, on HUD@Work or directly from the HUD Privacy Branch via email: [email protected] to complete and return.
INITIAL PRIVACY ASSESSMENT (IPA) SUMMARY INFORMATION
Date Submitted for Review:
Name of System or Project: User Access Authorization Form and Rules of Behavior and User Agreement
System Name in CSAM: Enterprise Income Verification System
Name of Program Office: PIH/REAC
Name of Project Manager or System Owner: Larry Tipton
Email for Project Manager or System Owner: [email protected]
Phone Number for Project Manager or System Owner: 202-475-8746
Type of Project:
☐ Information Technology and/or System
☐ A Notice of Proposed Rule Making or a Final Rule:
☒ Form or other Information Collection:
☐ Other: Combination of Paper and Electronic Information Collection
SPECIFIC QUESTIONS
Describe the project and its purpose:
HUD’s regulations at 24 CFR 5.233, require PHAs to use the Enterprise Income Verification System (EIV) in its entirety to verify tenant employment and income information during mandatory reexaminations of family composition and income, and to reduce administrative and subsidy payment errors in accordance with 24 CFR 5.236 and administrative guidance issued by HUD.
The EIV System User Access Authorization Form-52676 and Rules of Behavior and User Agreement must be completed by prospective users prior to the public housing agency granting staff access to the EIV system or granting authorization to view system generated content. HUD requires each individual to complete a PDF or Microsoft Word fillable Form HUD 52676 each time an individual requests initial access to the PIH EIV System, a user’s access is modified, reinstated or terminated. Also, this form must be completed by an individual who will not access the EIV system, but will view and/or handle printed or electronic EIV information. This form enables HUD to: 1) identify the user; 2) verify the type of system access requested; 3) provide the user with HUD’s Rules of Behavior for system usage and information about the user responsibilities to protect data protected under the Federal Privacy Act (5 USC 552a) after access is granted; and 4) obtain the signature of the user certifying the user’s agreement to the Rules of Behavior and responsibilities associated with his/her use of the EIV system.
2. Status of Project:
☐ This is a new development effort.
☒ This is an existing project.
Date first developed: The EIV System was deployed on October 28, 2002
Date last updated: The EIV System was last updated on February 5, 2016 with the following changes:
1) There were changes for Multifamily Housing HQS users allowing them access the Certification screen.
2) The EIV Tenant Data Access Report was modified to change the method how search criteria is entered and how results are displayed.
<Please provide a general description of the update.>
From whom do you collect, process, or retain information on: (Please check all that apply)
☐ HUD Employees
☐ Contractors working on behalf of HUD
☒ The Public (PHA staff)
☐ The System does not contain any such information.
Do you use or collect Social Security Numbers (SSNs)? (This includes truncated SSNs)
☒ No.
☐ Yes. Why does the program collect SSNs? Provide the function of the SSN and the legal authority to do so:
<Please explain the purpose of the collection, the function and the legal authority to collect, maintain or transmit the SSN.>
What information about individuals could be collected, generated or retained?
HUD Form-52676 collects the Public Housing Agency (PHA) code, organization name, organization address, prospective user’s full name, HUD assigned user ID, Position Title, email address, office telephone and fax numbers and the type of work which involves the use of the EIV system, the type of system action requested, requested access roles to be assigned, public housing development numbers to be assigned and the prospective user’s signature and date of request.
If this project is a technology/system, does it relate solely to infrastructure? [For example, is the system a Local Area Network (LAN) or Wide Area Network (WAN)]?
☒ No. Please continue to the next question.
☐ Yes. Is there a log kept of communication traffic?
☒No. Please continue to the next question.
☐ Yes. What type of data is recorded in the log? (Please choose all that apply.)
☐ Header
☐ Payload Please describe the data that is logged.
<Please list the data elements in the log.> User login credentials
Does the system connect, receive, or share Personally Identifiable Information with any other HUD systems?
☐ No.
☒ Yes. Please list the systems: PIC, TRACS, (HUD Internal Systems)
Is this external sharing pursuant to new or existing information sharing access agreement (MOU, MOA, LOI, etc.)? No
Does the system meet all of the following requirements? No
There will be a group of records under the control of an agency that contains a personal identifier (such as a name, date of birth, SSN, Employee Number, fingerprint, etc.) of U.S. citizens and lawful permanent residents;
Contains at least one other item of personal data (such as home address, performance rating, blood type, etc.); and
The data about the subject individual IS retrieved by the name or unique identifier assigned to the individual.
☐ No.
☒ Yes.
If yes is there an existing System of Record Notice?
☐ No.
☒ Yes.
Is there an Authorization to Operate record within OCIO’s FISMA tracking system CSAM?
☐ Unknown
☐ No
☒ Yes. Please indicate the determinations for each of the following:
Confidentiality: ☐ Low ☒ Moderate ☐ High
Integrity: ☐ Low ☒ Moderate ☐ High
Availability: ☐ Low ☒ Moderate ☐ High
PRIVACY DETERMINATION
(TO BE COMPLETED BY THE HUD PRIVACY BRANCH)
Date reviewed by the HUD Privacy Branch: <Insert Date.>
Name of the HUD Privacy Branch Reviewer: <Please enter name of reviewer.>
DESIGNATION
☐ This is NOT a Privacy Sensitive System – the system contains no Personally Identifiable Information.
☐ This IS a Privacy Sensitive System
Category of System
☐ IT System
☐ Legacy System
☐ HR System
☐ Rule
☐ Other: ____________________________
Determination
☐ IPA sufficient at this time
☐ Privacy compliance documentation determination in progress
☐ PIA is not required at this time
☐ PIA is required
☐ System covered by existing PIA:
☐ New PIA is required
☐ PIA update is required
☐ SORN not required at this time
☐ SORN is required
☐ System covered by existing SORN:
☐ New SORN is required
HUD PRIVACY BRANCH COMMENTS:
DOCUMENT ENDORSMENT
DATE REVIEWED: |
PRIVACY REVIEWING OFFICIALS NAME: |
By signing below you attest that the content captured in this document is accurate and complete and meets the requirements of applicable federal regulations and HUD internal policies.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | h04105 |
| File Modified | 0000-00-00 |
| File Created | 2021-01-24 |
© 2024 OMB.report | Privacy Policy